
Reverse Command Prompt Suggestions

I didn't know exactly which forum to post this question. I thought this would be the most logical.

I am conducting a test of technical security controls for a client and I'm looking for the easiest way to do this. I mainly want to test their IDS and AV capabilities. This is not a comprehensive test of their systems, just a part as you can see.

I would like your suggestions on programs that can spawn a remote command prompt outbound through a firewall via a specific port from a WinXP box. The delivery method is a non-problem. I will ensure the files get on the system. Mainly I just need to have the shell get sent out of the firewall so I can connect to it.

Any thoughts would be appreciated. Simplicity is key here. As mentioned before this is not a comprehensive test, just a one off.

caveat h4x0r - use of netcat may, can, and WILL likely get you fired if you don't have explicit permission and authorization.

"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

So in a nutshell, nc will listen on port 23 for a connection; when you connect it will execute the command prompt.

Bear in mind though that if you are doing this on an enterprise network nc will sit in front of whatever should be running on that port. So say if you ran it on port 139, 445 etc. it would be sitting in front of legitimate NetBIOS/file sharing applications.

A reverse command prompt means the victim's machine connects back to the attacker, not the attacker connecting to the victim.

So I would have a netcat listening on a certain port, fire my exploit at the target, and the target connects back to my netcat giving me a command prompt. You can use this when the target doesn't allow incoming connections but does allow outgoing connections. This is the reason you should monitor/firewall egress network traffic.

Oliver's Law:
Experience is something you don't get until just after you need it.
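The egress-monitoring point in the reply above, as an added example that is not part of the thread: a small Python check over constructed connection events (Sysmon Event ID 3 style, reduced to key=value fields) that flags outbound connections no approved process/port pair covers, or that a command interpreter opened itself. The policy table, the internal address ranges and the event format are assumptions for the example.

```python
"""Egress check for reverse-shell style connections (added example).
Parses constructed Windows network-connection events (Sysmon Event ID 3
style, reduced to key=value fields) and flags policy-violating egress."""
import ipaddress
import re

# Constructed sample events, not captured from any real host.
SAMPLE_EVENTS = [
    "Image=C:\\Program Files\\Outlook\\outlook.exe DestIp=203.0.113.10 DestPort=443",
    "Image=C:\\Windows\\System32\\cmd.exe DestIp=198.51.100.7 DestPort=23",
    "Image=C:\\Windows\\System32\\svchost.exe DestIp=10.0.0.5 DestPort=445",
    "Image=C:\\Tools\\nc.exe DestIp=198.51.100.7 DestPort=443",
]
# Assumed egress policy: which process may talk outbound, and on which ports.
APPROVED_EGRESS = {"outlook.exe": {25, 443}, "iexplore.exe": {80, 443}}
# Interpreters that should never open an outbound socket on their own.
SHELL_IMAGES = {"cmd.exe", "command.com", "powershell.exe"}
# Internal address space (RFC 1918 assumed); anything else counts as egress.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EVENT_RE = re.compile(r"Image=(?P<image>.+?) DestIp=(?P<ip>\S+) DestPort=(?P<port>\d+)$")

def parse_event(line):
    # Returns (process name, destination address, destination port).
    m = EVENT_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised event: {line!r}")
    name = m.group("image").rsplit("\\", 1)[-1].lower()
    return name, ipaddress.ip_address(m.group("ip")), int(m.group("port"))

def assess(name, addr, port):
    """Reasons the connection violates the egress policy; empty if it is fine."""
    if any(addr in net for net in INTERNAL_NETS):
        return []  # internal traffic is out of scope for an egress check
    reasons = []
    allowed = APPROVED_EGRESS.get(name)
    if allowed is None:
        reasons.append(f"{name} is not approved for outbound connections")
    elif port not in allowed:
        reasons.append(f"{name} is not approved for outbound port {port}")
    if name in SHELL_IMAGES:
        reasons.append("command interpreter opened an outbound socket")
    return reasons

def find_suspicious(lines):
    # Returns (process, destination, port, reasons) for every flagged event.
    hits = []
    for line in lines:
        name, addr, port = parse_event(line)
        reasons = assess(name, addr, port)
        if reasons:
            hits.append((name, str(addr), port, reasons))
    return hits
```

Note that the interpreter rule and the port rule are independent: a connection from cmd.exe is flagged even on an approved port, and an unapproved binary is flagged even when it uses port 443.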